1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
|
#use wml::debian::translation-check translation="1.3"
<define-tag pagetitle>Uppdaterad Debian 6.0: 6.0.6 utgiven</define-tag>
<define-tag release_date>2012-09-29</define-tag>
#use wml::debian::news
<define-tag release>6.0</define-tag>
<define-tag codename>squeeze</define-tag>
<define-tag revision>6.0.6</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
}
print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
##
## Translators should uncomment the following line and add their name
## Leaving translation at 1.1 is okay; that's the first version which will
## be added to Debian's webwml repository
##
# ← this one must be removed; not that one → #use wml::debian::translation-check translation="1.1" maintainer=""
<p>
Debianprojektet tillkännager stolt den sjätte uppdateringen av dess stabila
utgåva Debian <release> (med kodnamn <q><codename></q>).
Denna uppdatering lägger främst till rättningar för säkerhetsproblem till den
stabila utgåvan, tillsammans med några korrigeringar till några allvarliga
problem. Säkerhetsbulletiner har redan publicerats separat och refereras när
dom finns tillgängliga.
</p>
<p>
Vänligen notera att denna uppdatering inte innebär en ny version av Debian
<release> utan endast uppdaterar några av de inkluderade paketen. Det finns
ingen anledning att kasta bort <release>-CDs eller DVDs utan allt som behövs
är att uppdatera via en uppdaterad Debianspegling efter en installation, för
att få alla inaktuella paket uppdaterade.
</p>
<p>
Dom som frekvent installerar uppdateringar från security.debian.org kommer
inte att behöva uppdatera många paket och de flesta uppdateringar från
security.debian.org inkluderas i denna uppdatering.
</p>
<p>
Nya installationsmedia och CD- och DVD-avbildningar med uppdaterade paket
kommer att finnas tillgängliga snart på dom vanliga platserna.
</p>
<p>
En uppgradering online till denna revision görs vanligtvis genom att peka
paketverktyget aptitude eller apt (se manualsidan för sources.list(5)) mot
en av Debians många FTP eller HTTP-speglingar. En fullständig lista på
speglar finns på:
</p>
<div class="center">
<a href="$(HOME)/mirror/list">http://www.debian.org/mirror/list</a>
</div>
<h2>Diverse felrättningar</h2>
<p>
Denna uppdatering av den stabila utgåvan lägger till några viktiga
felrättningar till följande paket:
</p>
<table border=0>
<tr><th>Paket</th> <th>Orsak</th></tr>
<correction alpine "Fix crash in embedded UW-IMAP copy">
<correction apache2 "mod_negotiation - fix CVE-2012-2687; mod_cache - don't cache partial connections; read timeouts should result in a 408">
<correction automake1.10 "Fix CVE-2012-3386">
<correction automake1.11 "Fix CVE-2012-3386">
<correction automake1.7 "Fix CVE-2012-3386">
<correction automake1.9 "Fix CVE-2012-3386">
<correction base-files "Update /etc/debian_version for the point release">
<correction checkgmail "Fix GMail authentication issues">
<correction clamav "New upstream release">
<correction debian-archive-keyring "Add wheezy stable and archive signing keys">
<correction dpkg "Ensure a reliable unpack on SELinux systems">
<correction eglibc "Really enable patches/any/cvs-dlopen-tls.diff; fix FORTIFY_SOURCE format string protection bypass; fix a DoS in RPC implementation">
<correction emesene "Update contact end-point to local-bay.contacts.msn.com">
<correction geshi "Fix 'Local File Inclusion Vulnerability in contrib script'">
<correction gosa "Security fix (missing escaping)">
<correction ia32-libs "Update packages">
<correction libconfig-inifiles-perl "Fix insecure temporary file use">
<correction libgc "Check for integer overflow in internal malloc and calloc routines">
<correction libmtp "Fix device flags for some devices; add support for new devices">
<correction libxslt "Fix CVE-2011-1202, CVE-2011-3970, CVE-2012-2825">
<correction links2 "Security fixes">
<correction linux-2.6 "DRM fixes; leap second fix; security fixes; various driver fixes">
<correction linux-kernel-di-amd64-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-armel-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-i386-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-ia64-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-mips-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-mipsel-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-powerpc-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-s390-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-sparc-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction lockfile-progs "Ensure the correct PID is used when creating lockfiles">
<correction mysql-mmm "Add dependency on libpath-class-perl">
<correction network-manager "Stop allowing ad-hoc WPA networks to be created; kernel bugs mean they get created as open networks">
<correction nss-pam-ldapd "Support larger gecos values; reliability fixes">
<correction nvidia-graphics-drivers "Fix information leak in the kernel module; fix arbitrary memory access vulnerability; fix local privilege escalation through VGA window manipulation">
<correction nvidia-graphics-modules "Rebuild against 195.36.31-6squeeze1 kernel modules for security fixes; rebuild to fix CVE-2012-4225">
<correction php-memcached "Fix session.gc_maxlifetime handling">
<correction plymouth "Fix the init script to not fail when the package is removed">
<correction policyd-weight "Remove rfc-ignorant.org RBLs (due to upcoming shutdown) and rbl.ipv6-world.net">
<correction postgresql-common "Do not remove the PID file after SIGKILLing the postmaster in the <q>last-ditch effort to shut down</q> in --force mode">
<correction powertop "Fix segfault on newer kernels with large config files">
<correction publican "Add dependency and build-dependency on libio-string-perl">
<correction rstatd "Support Linux 3.x kernels">
<correction spip "Fix base name disclosure; security fixes">
<correction tor "New upstream; fix TLS 1.1/1.2 renegotiation with openssl 1.0.1; fix potential DOS; fix two crashes and an information disclosure issue">
<correction ttb "Add dependency on python-glade2">
<correction vte "Fix a memory exhaustion vulnerability">
<correction wims "Fix installation problem">
<correction wireshark "Fix crashes in ANSI A detector and pcap / pcap-ng parsers">
<correction xserver-xorg-video-intel "UXA/glyphs: fall back instead of crashing on large strings">
<correction yaws "Fix RNG strength; fix mail config loading">
</table>
<h2>Säkerhetsuppdateringar</h2>
<p>
Denna revision lägger till följande säkerhetsuppgraderingar till den stabila
utgåvan. Säkerhetsgruppen har redan släppt bulletiner för följande
uppdateringar:
</p>
<table border=0>
<tr><th>Bulletin-ID</th> <th>Paket</th> <th>Rättning(ar)</th></tr>
<dsa 2012 2457 iceweasel "Regression fix">
<dsa 2012 2458 iceape "Regression fix">
<dsa 2012 2465 php5 "Multiple issues">
<dsa 2012 2466 rails "Cross site scripting">
<dsa 2012 2467 mahara "Insecure defaults">
<dsa 2012 2468 libjakarta-poi-java "Unbounded memory allocation">
<dsa 2012 2470 wordpress "Multiple issues">
<dsa 2012 2471 ffmpeg "Multiple issues">
<dsa 2012 2472 gridengine "Privilege escalation">
<dsa 2012 2473 openoffice.org "Buffer overflow">
<dsa 2012 2474 ikiwiki "Cross-site scripting">
<dsa 2012 2475 openssl "Integer underflow">
<dsa 2012 2476 pidgin-otr "Format string vulnerability">
<dsa 2012 2477 sympa "Authorization bypass">
<dsa 2012 2478 sudo "Parsing error">
<dsa 2012 2479 libxml2 "Off-by-one">
<dsa 2012 2480 request-tracker3.8 "Regression">
<dsa 2012 2481 arpwatch "Fails to drop supplementary groups">
<dsa 2012 2482 libgdata "No verification of TLS certificates against system root CA">
<dsa 2012 2483 strongswan "Authentication bypass">
<dsa 2012 2484 nut "Denial of service">
<dsa 2012 2485 imp4 "Cross site scripting">
<dsa 2012 2486 bind9 "Denial of service">
<dsa 2012 2487 openoffice.org "Buffer overflow">
<dsa 2012 2488 iceweasel "Multiple issues">
<dsa 2012 2489 iceape "Multiple issues">
<dsa 2012 2490 nss "Denial of service">
<dsa 2012 2491 postgresql-8.4 "Multiple issues">
<dsa 2012 2492 php5 "Buffer overflow">
<dsa 2012 2493 asterisk "Denial of service">
<dsa 2012 2494 ffmpeg "Multiple issues">
<dsa 2012 2495 openconnect "Buffer overflow">
<dsa 2012 2497 quagga "Denial of service">
<dsa 2012 2498 dhcpcd "Remote stack overflow">
<dsa 2012 2499 icedove "Multiple issues">
<dsa 2012 2500 mantis "Multiple issues">
<dsa 2012 2501 xen "Multiple issues">
<dsa 2012 2502 python-crypto "Programming error">
<dsa 2012 2503 bcfg2 "Shell command injection">
<dsa 2012 2504 libspring-2.5-java "Information disclosure">
<dsa 2012 2505 zendframework "Information disclosure">
<dsa 2012 2506 libapache-mod-security "Modsecurity bypass">
<dsa 2012 2507 openjdk-6 "Multiple issues">
<dsa 2012 2508 kfreebsd-8 "Privilege escalation">
<dsa 2012 2509 pidgin "Remote code execution">
<dsa 2012 2510 extplorer "Cross-site request forgery">
<dsa 2012 2511 puppet "Multiple issues">
<dsa 2012 2512 mono "Missing input sanitising">
<dsa 2012 2513 iceape "Multiple issues">
<dsa 2012 2514 iceweasel "Multiple issues">
<dsa 2012 2515 nsd3 "Null pointer dereference">
<dsa 2012 2516 isc-dhcp "Denial of service">
<dsa 2012 2517 bind9 "Denial of service">
<dsa 2012 2518 krb5 "Denial of service">
<dsa 2012 2519 isc-dhcp "Denial of service">
<dsa 2012 2520 openoffice.org "Multiple heap-based buffer overflows">
<dsa 2012 2521 libxml2 "Integer overflows">
<dsa 2012 2522 fckeditor "Cross site scripting">
<dsa 2012 2523 globus-gridftp-server "Programming error">
<dsa 2012 2523 globus-gridftp-server-control "Programming error">
<dsa 2012 2524 openttd "Multiple issues">
<dsa 2012 2525 expat "Multiple issues">
<dsa 2012 2526 libotr "Buffer overflow">
<dsa 2012 2527 php5 "Multiple issues">
<dsa 2012 2528 icedove "Multiple issues">
<dsa 2012 2529 python-django "Multiple issues">
<dsa 2012 2530 rssh "Shell command injection">
<dsa 2012 2531 xen "Denial of service">
<dsa 2012 2532 libapache2-mod-rpaf "Denial of service">
<dsa 2012 2533 pcp "Multiple issues">
<dsa 2012 2534 postgresql-8.4 "Multiple issues">
<dsa 2012 2535 rtfm "Cross-site scripting">
<dsa 2012 2536 otrs2 "Cross-site scripting">
<dsa 2012 2537 typo3-src "Multiple issues">
<dsa 2012 2538 moin "Privilege escalation">
<dsa 2012 2539 zabbix "SQL injection">
<dsa 2012 2540 mahara "Cross-site scripting">
<dsa 2012 2541 beaker "Information disclosure">
<dsa 2012 2542 qemu-kvm "Multiple issues">
<dsa 2012 2543 xen-qemu-dm-4.0 "Multiple issues">
<dsa 2012 2544 xen "Denial of service">
<dsa 2012 2545 qemu "Multiple issues">
<dsa 2012 2546 freeradius "Code execution">
<dsa 2012 2547 bind9 "Improper assert">
<dsa 2012 2548 tor "Multiple issues">
<dsa 2012 2549 devscripts "Multiple issues">
</table>
<h2>Debianinstalleraren</h2>
<p>
Installeraren har byggts om för att inkludera felrättningarna som
inkluderas i stabila utgåvan med denna punktutgåva.
</p>
<h2>Borttagna paket</h2>
<p>
Följande paket har tagits bort som en följd av problem utom vår kontroll:
</p>
<table border=0>
<tr><th>Paket</th> <th>Orsak</th></tr>
<correction blockade "Icke-distribuerbara datafiler">
<correction kcheckgmail "Icke underhållen; fungerar inte efter Googles förändringar">
<correction libtrash "Icke underhållen; fungerar inte">
</table>
<h2>URLer</h2>
<p>
Den fullständiga listan på paket som har förändrats med denna revision:
</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>Den aktuella stabila utgåvan:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/stable/">
</div>
<p>Föreslagna uppdateringar till den stabila utgåvan:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/proposed-updates">
</div>
<p>Information om den stabila utgåvan (versionsfakta, kända problem, osv.):</p>
<div class="center">
<a
href="$(HOME)/releases/stable/">http://www.debian.org/releases/stable/</a>
</div>
<p>Säkerhetsbulletiner och information:</p>
<div class="center">
<a href="$(HOME)/security/">http://security.debian.org/</a>
</div>
<h2>Om Debian</h2>
<p>Debianprojektet är en grupp av utvecklare av Fri mjukvara som donerar sin
tid och kraft för att producera det helt fria operativsystemet Debian.</p>
<h2>Kontaktinformation</h2>
<p>För mer information, besök Debians webbplats på <a
href="$(HOME)/">http://www.debian.org/</a>, skicka e-post till
<press@debian.org> (på engelska), eller kontakta gruppen för stabila utgåvor på
<debian-release@lists.debian.org> (på engelska).</p>
|
